问题
I am trying to use the Alternative Directory Layout and ansible-vaults within. But when i run my playbook, variables which are vault encrypted could not resolve with that directory structure. So what iam doing wrong?
I execute via:
ansible-playbook -i inventories/inv/hosts playbooks/inv/invTest.yml --check --ask-vault
Here is my structure:
.
├── inventories
│ ├── inv
│ │ ├── group_vars
│ │ │ ├── var.yml
│ │ │ └── vault.yml
│ │ └── hosts
│ └── staging
│ ├── group_vars
│ │ ├── var.yml
│ │ └── vault.yml
│ └── hosts
├── playbooks
│ ├── staging
│ │ └── stagingTest.yml
│ └── inv
│ ├── invTest.retry
│ └── invTest.yml
└── roles
├── basic-linux
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ └── main.yml
├── test
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ └── main.yml
└── webserver
├── defaults
│ └── main.yml
├── files
├── handler
│ └── main.yml
├── tasks
│ └── main.yml
└── templates
this is my hosts file (inventories/inv/hosts
):
[inv]
testvm-01 ansible_ssh_port=22 ansible_ssh_host=172.16.0.101 ansible_ssh_user=root
testvm-02 ansible_ssh_port=22 ansible_ssh_host=172.16.0.102 ansible_ssh_user=root
playbook (playbooks/inv/invTest.yml
):
---
- name: this is test
hosts: inv
roles:
- { role: ../../roles/test }
...
role which uses the vault encrypted var (roles/test/tasks/main.yml
):
---
- name: create test folder
file:
path: "/opt/test/{{ app_user }}/"
state: directory
owner: "{{ default_user }}"
group: "{{ default_group }}"
mode: 2755
recurse: yes
...
var which points to vault (inventories/inv/group_vars/var.yml):
---
app_user: '{{ vault_app_user }}'
app_pass: '{{ vault_app_pass }}'
...
vault file (ansible-vault edit inventories/inv/group_vars/vault.yml
):
vault_app_user: itest
vault_app_pass: itest123
The error message iam getting is something like this:
FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: {{ app_user }}: 'app_user' is undefined\n\nThe error appears to have been in 'roles/test/tasks/main.yml': but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: create test folder\n ^ here\n"}
回答1:
You define variable app_user
in a file called var.yml
stored in group_vars folder.
In your execution line you point to the inventories/inv/hosts
as your inventory directory.
It doesn't matter what strings you used in this path -- from Ansible's point of view it sees only:
hosts
group_vars
├── var.yml
└── vault.yml
It will read var.yml
for a host group called var
and vault.yml
for a host group called vault
.
In your case -- never.
You likely wanted to organise your files this way:
inventories
└── production
├── group_vars
│ └── inv
│ ├── var.yml
│ └── vault.yml
└── hosts
This way, files in group_vars/inv
will be read for hosts in group inv
.
来源:https://stackoverflow.com/questions/46906320/ansible-with-alternative-directory-layout-and-using-vaults